Fake Java Update Delivers Malware

Trend Micro researchers are warning of new malware that poses as the recently released Java Update 11.

"The real update was released Sunday by Oracle as an emergency fix for two zero-day vulnerabilities in Java -- including CVE-2012-3174 -- that are being actively exploited by attackers," writes InformationWeek's Mathew J. Schwartz.

"The ... fake update ... is javaupdate11.jar (detected as JAVA_DLOADER.NTW), which contains javaupdate11.class that downloads and executes malicious files up1.exe and up2.exe (both detected as BKDR_ANDROM.NTW)," writes TrendLabs' Paul Pajares. "Once executed, this backdoor connects to a remote server that enables a possible attacker to take control of the infected system. Users can get this fake update by visiting the malicious website, {BLOCKED}currencyreport.com/cybercrime-suspect-arrested/javaupdate11.jar."

"After the initial backdoor installation, Trend Micro observed the installation of a keylogger, which criminals, spies and suspicious spouses use to steal passwords," writes TechNewsDaily's Paul Wagenseil. "There was also a failed attempt to install a form of ransomware, malware that encrypts user files and then demands money for continued access. The phony patch doesn't actually take advantage of the Java vulnerability it purports to fix, although plenty of other browser-based malware does. Of course, it doesn't patch the vulnerability either."

"Separately Trend Micro warned earlier this week that the latest Java security update may be incomplete," writes The Register's John Leyden. "The update attempts to address two security bugs but fails to quash one of these completely. The security firm advises users to avoid Java where possible, particularly as a plugin to their browsers, where the main danger arises."